I am going to have to setup an ASA 5505. I will have citrix and microsoft exchange sitting behind the ASA. should i just use one ip address and forward ports as needed, or should i use a seperate IP for citrix, exchange, asa public, etc.
Thanks for any responses, Bill
No you don't need to do this. As long as the public IP addresses are routed to the outside interface of your firewall then you only need to configure one address on the public interface eg.
Outside interface of ASA
Inside interface of ISP router
Then the rest of the addresses you can use as
static (inside,outside) 220.127.116.11 192.168.5.1 netmask 255.255.255.255
where 192.168.5.1 is one of your internal servers.
The ASA will then respond to any traffic destined for 18.104.22.168, NAT it 192.168.5.1 and forward it on to the internal server.
Obviously you need to allow the traffic from the outside with an access-list.
Also your servers may be on a DMZ in which case just substitute the "inside" in your static statement with whatever the DMZ interface is called.
If you have the addresses available I would advocate for using separate addresses for each server. In that case you will need just a straight static translation for each address. It is more simple and more clean. It is also a bit more obvious and that could be an advantage if something is not working and you are in the middle of troubleshooting.